[FX.php List] [OFF] Protecting folder contents with PHP/htaccess
Jonathan Schwartz
jschwartz at exit445.com
Tue Mar 11 19:27:37 MDT 2008
Great suggestions, Leo. I'll check them out.
The nature of the options you suggested also confirms that this isn't
a RTFM question. I hate finding out I asked one of those. ;-)
J
At 2:16 AM +0100 3/12/08, Leo R. Lundgren wrote:
>There are some ways to do this, with their pros and cons.
>
>One way is to put the files outside the docroot/unprotected space of
>the website, and have PHP readfile() or passthrough the contents.
>This will consume resources though, and prevent caching unless you
>handle that specifically.
>
>Another way is to use a mechanism such as Lighttpd's X-Sendfile,
>which will let PHP tell the httpd to send a file as the response to
>a request from a client. You can check out the Lighttpd website if
>you're interested in that, or you can look at this that I just
>found, not sure how usable it is, but it should give you an idea
>about what it is:
>http://www.screenage.de/blog/2008/02/22/libapache2-mod-xsendfile-processes-x-sendfile-headers-with-apache2/
>
>On a similar note to X-Sendfile is
>http://se2.php.net/manual/en/function.virtual.php#67945 , which
>seems to need a bit too much site-specific configuration for my
>taste though.
>
>Just throwing out some ideas!
>
>-|
>
>12 mar 2008 kl. 01.37 skrev Jonathan Schwartz:
>
>>Hi Folks,
>>
>>I have password access designed into a system that works just
>>fine. Once logged in, users can view and download private documents
>>by clicking on links for: PDF, DOC, XLS and PPT.
>>
>>But, I'm concerned about the files in the folder could be accessed
>>by search bots or via linked URLs.
>>
>>I understand that I can use htaccess to lock/unlock the folder, but
>>users shouldn't have to log in twice.
>>
>>Is there a way to have the PHP login talk to the htaccess log in?
>>
>>Or, should I be exploring other options?
>>
>>Thx
>>
>>Jonathan
>>--
>>Jonathan Schwartz
>>Exit 445 Group
>>jonathan at exit445.com
>>http://www.exit445.com
>>415-381-1852
>>_______________________________________________
>>FX.php_List mailing list
>>FX.php_List at mail.iviking.org
>>http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>-|
>
>_______________________________________________
>FX.php_List mailing list
>FX.php_List at mail.iviking.org
>http://www.iviking.org/mailman/listinfo/fx.php_list
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-381-1852
More information about the FX.php_List
mailing list